Skip to Content

Configure Agent workflow for different entity

Hi all,

We are planning to modify the workflow in our system and I need some help on the correct approach to acheive this.

In our current system the workflow is set as follows.

New or change workflow submitted-->Manager approves-->Role owner approves-->If any unmitigated risk is found-->Routed to local SOX team(Only 1 at thi spoint).If local SOX is unable to determine-->It gets sent to corporate SOX for mitigation of risk-->Gets back to role owner-->Security for closure..

We currently have only 1 entity. But from next month onwards we are adding 2 more entities to GRC AC and hence it is expected the workflow to works as follows

New or change workflow submitted-->Manager approves-->Role owner approves-->If any unmitigated risk is found on a role/user that belongs to Entity1-->Routed to local SOX team of Entity 1 and similarly if the role/user belongs to entity2 it should get routed to Entity2 etc-->If local SOX of any entity is unable to determine-->It gets sent to corporate SOX for mitigation of risk and then -->Gets back to Role owner stage for approval-->Then security stage for final completion.

My requirement is to modify our currently workflow to enable request to get routed to appropriate local SOX.

1. We are in the process of redoing all of teh security roles build in the past and are re-building it with correct naming conventions. Each role built entity specific is now assigned to respective Entity name in "Project reelase attribute of the role". Also we have users assigned to user groups based on the entity. These are the only 2 object that can be used to distinguish between users and roles.

So I thought of creating a Custom Agent rule. But unfortunately the Project release(attribute of the role) is not available to me as an option for selection in decision table. SO I took the user group as the selection object. If user group is USG1 then route to User 1(local SOX tem). If user group is USG2 then route to User 2.

I am unsure if this is the correct way to do it as I am not happy hard coding the user ID's in decision table.

We are currently in V10/SP15.

Please help with some idea on how to approach this.

Thanks

Lakshmi

Add a comment
10|10000 characters needed characters exceeded

Assigned Tags

Related questions

2 Answers

  • author's profile photo Former Member
    Former Member
    Posted on Sep 12, 2015 at 10:20 AM

    hi,

    could you say, how many entities you have? if you ave less, then hard-coding them is not much of a task

    Regards

    plaban

    Add a comment
    10|10000 characters needed characters exceeded

    • Former Member Lakshmi Priya

      hi,

      since your mapping(user group to SOX users) is not captured in any SAP standard table, you can map them in a custom table(with column SOX_USER and USER_GROUP). therafter, use a DBLoopup, to retrieve a SOX user, where Clause is User group from Request is equal to USER_GROUP

      So, you have to maintain a Custom table, with appropriate mapping

      regards

      Plaban

  • Posted on Sep 14, 2015 at 06:44 AM

    Hello,

    if i understand your workflow.

    Manager >Approves>Role Owner>SOD risk Analysis> Approves>if SOD Violation > SOD Team> SOD Violation> Corporate Compliance> Role Owner> Security.

    in this case Role owner has to approve twice?

    this can be achieved.

    make risk analysis mandatory at role owner stage and put SOD violation routing rule.

    send it to Local SOD team make risk analysis mandatory and put routing rule SOD Violation routing rule.

    Regards,

    Prasant

    Add a comment
    10|10000 characters needed characters exceeded

Before answering

You should only submit an answer when you are proposing a solution to the poster's problem. If you want the poster to clarify the question or provide more information, please leave a comment instead, requesting additional details. When answering, please include specifics, such as step-by-step instructions, context for the solution, and links to useful resources. Also, please make sure that you answer complies with our Rules of Engagement.
You must be Logged in to submit an answer.

Up to 10 attachments (including images) can be used with a maximum of 1.0 MB each and 10.5 MB total.